Dozens of Red Hat packages backdoored through its offical NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...
The Hacker News

âš¡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

CrowdStrike and Google take down botnet used by hackers to target open source software developers

Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the ...

OpenClaw Explained: The Viral AI Agent’s Surge and Security Risks

The tool operates with broad system privileges and autonomous execution capabilities, demonstrating how natural language can ...
Bleeping Computer

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
Computer Weekly

Glassworm botnet that targeted OS devs smashed to pieces

CrowdStrike, Google and the Shadowserver Foundation worked together to take down a botnet that poisoned over 300 GitHub ...